mirror of
https://github.com/yusing/godoxy.git
synced 2026-04-23 16:58:31 +02:00
feat(rules): add $redacted dynamic variable for masking sensitive values
Introduces a new `$redacted` dynamic variable that wraps its single argument with `strutils.Redact`, allowing sensitive values (e.g., authorization headers, query parameters) to be masked in rule expressions. The variable accepts exactly one argument, which may itself be a nested dynamic variable expression such as `$header(Authorization)` or `$arg(token)`, enabling patterns like `$redacted($header(Authorization))`. Adds corresponding tests covering plain string redaction, nested header and query arg wrapping, and the error case when no argument is provided.
This commit is contained in:
@@ -6,6 +6,7 @@ import (
|
||||
"strconv"
|
||||
|
||||
httputils "github.com/yusing/goutils/http"
|
||||
strutils "github.com/yusing/goutils/strings"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -15,6 +16,7 @@ var (
|
||||
VarQuery = "arg"
|
||||
VarForm = "form"
|
||||
VarPostForm = "postform"
|
||||
VarRedacted = "redacted"
|
||||
)
|
||||
|
||||
type dynamicVarGetter struct {
|
||||
@@ -94,6 +96,17 @@ var dynamicVarSubsMap = map[string]dynamicVarGetter{
|
||||
return getValueByKeyAtIndex(req.PostForm, key, index)
|
||||
},
|
||||
},
|
||||
// VarRedacted wraps the result of its single argument (which may be another dynamic var
|
||||
// expression, already expanded by expandArgs) with strutils.Redact.
|
||||
VarRedacted: {
|
||||
phase: PhaseNone,
|
||||
get: func(args []string, w *httputils.ResponseModifier, req *http.Request) (string, error) {
|
||||
if len(args) != 1 {
|
||||
return "", ErrExpectOneArg
|
||||
}
|
||||
return strutils.Redact(args[0]), nil
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
func getValueByKeyAtIndex[Values http.Header | url.Values](values Values, key string, index int) (string, error) {
|
||||
|
||||
Reference in New Issue
Block a user